Page 3 of 3 FirstFirst 123
Results 51 to 59 of 59
  1. #51

    Thumbs up Anti-DDoS Hetzner

    Hello All,

    I have been in the same situation, getting attacks from 100Gbp/s upto 500Gbp/s and the server would go down for long time.

    My solution was this, at the robot panel: (make sure you edit /etc/resolv.conf and add 8.8.8.8 dns)
    i.postimg.cc/7ZYLMwNP/firewall-rules.png

    Also, if the rules above don't work for you, be sure to use iftop and monitor incoming connections, see if most of the spoofed ips attacking you come from the same source port and make sure you block those source ports at the firewall provided on the robot panel.

    As most of these DDoS attacks are from amplified attacks, its fairly easy to detect and create the set of rules on the firewall, it wont even hit ur dedicated box, the packets will be stuck at the hops.

    Here's the network graph: (note that I was pinging my dedicated server and didnt even timeout once)
    i.postimg.cc/tCg7Xjmx/DDoS.png


    Let me know if this helps you guys out, I have had no downtime ever since and I get DDoS attacks nearly everyday, only thing to note here is.. I have seen a lot of people complaining that OVH is better or has stronger network, bare in mind that even OVH can get taken down if the attack is on layer 7, I have seen attacks of 4mbit/s crashing down game servers hosted by OVH, all it takes is the anti-DDoS thinking it's legit packets.

  2. #52
    NEW RULES
    i.postimg.cc/13pG5x9G/firewall-rules.png

  3. #53
    Hetzner have been notorious for null routing ips unless you pay them a premium for protection. Obviously OVH is the best there is for cost effective ddos protection.

    Worth nothing, if your budget is high: https://www.voxility.com/

    They provide 1TB DDoS protection at a price.

  4. #54
    Join Date
    Dec 2010
    Location
    Italy
    Posts
    424
    On my hetzner server they have nulled ip for AttackOutLevel: OUT Attack. Do you know what to do in this case?

  5. #55
    Join Date
    Dec 2007
    Location
    ONLINE
    Posts
    305
    Quote Originally Posted by Lanfr View Post
    On my hetzner server they have nulled ip for AttackOutLevel: OUT Attack. Do you know what to do in this case?

    Assuming your server isn't hacked, you may be getting sync flooded to where your server responds back with massive loads of sync-ack, or DNS floods where your server responds to bot generate queries. A cap will tell you more, but most providers will drop, shut you down on outbound attacks; cost them more than inbound.
    --
    CLAG

  6. #56
    Join Date
    Dec 2010
    Location
    Italy
    Posts
    424
    The server is new, only a week old, so I don't think it's hacked. I have transferred sites to this server that were resident on another server that was experiencing ddos attacks, so one of these sites is likely to be the problem. Now I'm buying imunify 360 to see if I solve the sync flood problem.

  7. #57
    Join Date
    Dec 2010
    Location
    Italy
    Posts
    424
    Quote Originally Posted by selinux View Post
    Assuming your server isn't hacked, you may be getting sync flooded to where your server responds back with massive loads of sync-ack, or DNS floods where your server responds to bot generate queries. A cap will tell you more, but most providers will drop, shut you down on outbound attacks; cost them more than inbound.
    In your opinion, can this be of help?

    /etc/sysctl.conf file

    #shut off syn attacks
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    # Stop DOS pings
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

  8. #58
    Join Date
    Dec 2010
    Location
    Italy
    Posts
    424
    However, just for knowledge, since I installed imunify 360 it seems that the problem has been solved, it is truly a great product.

  9. #59
    Quote Originally Posted by Lanfr View Post
    However, just for knowledge, since I installed imunify 360 it seems that the problem has been solved, it is truly a great product.
    I said Imunify360 would help on Page 2. Yes, IM360 is excellent. Glad to hear it helped!
    HostXNow - Shared Web Hosting | Semi Dedicated Hosting | Enterprise Reseller Hosting | VPS Hosting

Page 3 of 3 FirstFirst 123

Similar Threads

  1. How do i scale my web application properly when it comes to users.
    By Saphant in forum Programming Discussion
    Replies: 7
    Last Post: 08-03-2014, 08:12 PM
  2. Replies: 15
    Last Post: 03-12-2011, 02:44 PM
  3. Replies: 11
    Last Post: 04-09-2004, 04:24 AM
  4. PING is KING when it comes to gaming
    By jcooper in forum Dedicated Hosting Offers
    Replies: 27
    Last Post: 01-23-2003, 03:05 PM
  5. PING is KING when it comes to gaming
    By jcooper in forum Dedicated Hosting Offers
    Replies: 4
    Last Post: 12-06-2002, 09:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •